Reinvent 2019 Day 1

I’m at Amazon Web Services' Re:Invent 2019. I’ve gone to every re:Invent except for one. It’s always an interesting mixed bag of experiences, but I can say for sure that I think they’ve just about got this thing down. This conference is run much better than it was last year. There are enough session repeats, enough venues, enough shuttles, and just generally enough of everything to keep you moving. There’s almost too much to do on the social side of things. There’s no way you can hit every social event. It’s even hard to find them because there are so many. (Seems strange, but true.)

Over the next few days, I intend to keep a log of some of the more important notes I took during sessions and other things. There’s really too much data at this point. AWS is moving too fast and you can definitely make a lifetime career out of specializing in AWS.

Let’s start with my notes from day one.

  • There is now operational anomaly detection (using machine learning) in CloudTrail.

  • EC2 Image Builder was announced - previously, we were doing AMI builds with Packer in CI/CD. This looks much easier. Going to have to look into the scriptability of this approach.

  • I’ve always looked for interesting ways to explain immutability. The newest one: “phoenix” servers vs. “snowflake” servers.

  • Git is the single source of truth in GitOps (same for Dev%Sec%Ops).

  • Git pull requests can actually be the code that generates the changes in CI/CD (need to investigate this more for our environment).

  • CloudFormation third-party resource & custom resource support - basically, there is the concept of modularization (a la Terraform) in CloudFormation. Interesting. Sorry, I still have to use Terraform though.

  • “TaskCat” testing - deploys template into other regions and generates a pass/fail report.

  • EC2 Image Builder: has STIGs and templates, plus the ability to roll your own via YAML.

  • Always start a project with the AMI build pipeline.

  • CloudTrail anomaly detection: looks at events as they come in… insight events… audience asked how it is different from Apache Spark. I don’t recall the answer (and didn’t write it down) but it seems to me that Spark isn’t active enough to be an anomaly detection device. What do I know? ¯\_(ツ)_/¯

  • Scan AMIs with Lambda + Inspector (!) - possibility to replace things like Twistlock on containers with ECR image scanning, and now maybe BurpSuite on AMIs :)
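As an added example that is not from the post, here is a small triage routine for the CloudTrail Insights records mentioned in the anomaly-detection note above. It assumes the CloudTrail Insights record layout (eventType "AwsCloudTrailInsight", an insightDetails block with a Start/End state and baseline/insight averages) and runs over constructed sample records, pairing the Start and End records and ranking bursts by how far they exceed the learned baseline.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional
# Constructed sample: one ordinary management event plus one Insights Start/End
# pair. Field names follow the CloudTrail Insights record layout (eventType
# "AwsCloudTrailInsight" with an insightDetails block); values are made up.
STATS = {"baseline": {"average": 0.5}, "insight": {"average": 40.0}}
SAMPLE_RECORDS = [
    {"eventType": "AwsApiCall", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances"},
    {"eventType": "AwsCloudTrailInsight", "sharedEventID": "insight-0001",
     "insightDetails": {"state": "Start", "eventSource": "ec2.amazonaws.com",
                        "eventName": "RunInstances", "insightType": "ApiCallRateInsight",
                        "insightContext": {"statistics": dict(STATS)}}},
    {"eventType": "AwsCloudTrailInsight", "sharedEventID": "insight-0001",
     "insightDetails": {"state": "End", "eventSource": "ec2.amazonaws.com",
                        "eventName": "RunInstances", "insightType": "ApiCallRateInsight",
                        "insightContext": {"statistics": dict(STATS, insightDuration=15)}}},
]

@dataclass
class Insight:
    shared_id: str
    source: str
    name: str
    baseline_avg: float
    insight_avg: float
    ended: bool = False
    duration_min: Optional[int] = None
    @property
    def multiplier(self) -> float:
        # How many times the learned normal call rate the burst reached.
        return self.insight_avg / self.baseline_avg if self.baseline_avg else float("inf")

def triage_insights(records: Iterable[dict], min_multiplier: float = 10.0) -> List[Insight]:
    """Pick Insights records out of a mixed CloudTrail stream, pair Start/End by
    sharedEventID, and return the bursts above min_multiplier, largest first."""
    by_id: dict = {}
    for rec in records:
        if rec.get("eventType") != "AwsCloudTrailInsight":
            continue  # plain API call record, not an anomaly finding
        d = rec["insightDetails"]
        stats = d["insightContext"]["statistics"]
        ins = by_id.get(rec["sharedEventID"])
        if ins is None:
            ins = by_id[rec["sharedEventID"]] = Insight(
                rec["sharedEventID"], d["eventSource"], d["eventName"],
                stats["baseline"]["average"], stats["insight"]["average"])
        if d["state"] == "End":  # the End record carries the burst duration
            ins.ended, ins.duration_min = True, stats.get("insightDuration")
    hits = [i for i in by_id.values() if i.multiplier >= min_multiplier]
    return sorted(hits, key=lambda i: i.multiplier, reverse=True)
```

A burst that has only a Start record is still reported (with ended=False), since that is the moment an analyst wants to look at it.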

That’s the majority of my interesting notes from day one. There are lots of announcements from AWS this year and there are plenty of blog articles to help you catch up. Here’s a nice summary of the keynote announcements. I appreciate it when people take the time to summarize in this way, because I just didn’t want to sit through that keynote. Andy Jassy is cool and all, but he just can’t deliver a keynote.

More notes to come on day 2 and beyond.